Question: What file (NTFS) and share permissions are recommended, to allow a Windows user to open an iBlaze/Enterprise client application?

Answer:  iBlaze/Enterprise client users need "Modify" rights (i.e. everything short of "Full Control") on all iBlaze/Enterprise application and data directories, as well as "Read/Edit" on the share where the data is found. For more detail, please see below.

 

Summation IBlaze and Summation Enterprise will store user preferences at various different profile folders, for each individual user. Certain errors can occur if iBlaze/Enterprise users do not have the ability to write to those preference files (e.g. "SUMPREF environment variable not set", random crash, etc.).

In addition, Iblaze and Enterprise will attempt to write to the case database and index files per the user's Windows permissions.

The following are some file and share guidelines to consider for non-admins.

 

General Scenario (General settings to allow access):

1) File System Permissions

    • Set the file system permissions for the Summation iBlaze or Enterprise application directory (e.g. C:\Summation\Iblaze) to FULL CONTROL for the appropriate Active Directory (AD) groups/users.
    • To ensure proper permissions inheritance, from the Security tab, click the "Advanced" button and ensure the "Replace permission entries on all child objects with entries shown here that apply to child objects" option is selected.

2) Share Permissions

    • Set the share permissions, for the same AD groups/users from step 1, to READ/WRITE. iBlaze and Enterprise users need the ability to open the share and traverse each folder to the iBlaze or Enterprise application directory.

Secure Scenario (Minimum settings to allow access):

1) File System Permissions--Folders

    • The following directories, found in the iBlaze or Enterprise application directory, must have MODIFY, READ & EXECUTE, and WRITE for the appropriate AD groups/users:
      • Casedata
      • Cases
      • Profiles.
    • To ensure proper permissions inheritance, from the Security tab, click the "Advanced" button and ensure the "Replace permission entries on all child objects with entries shown here that apply to child objects" option is selected.
    • All other directories can be READ-only to non-admins.

NOTE: Administrator-level users (i.e. endusers who are to be running the "Administrator Console" application for iBlaze or Enterprise) will need MODIFY rights to the Admin folder as well.

2) File System Permissions (con't)--Files at iBlaze/Enterprise root

    • In addition, please set the file permissions to MODIFY, READ & EXECUTE, and WRITE for all INI, INF, and LOG files located at the root of the application directory. This change is needed for the same AD groups/users from step 1.

3) Share Permissions

    • Set the share permissions, for the same AD groups/users from step 1, to READ/WRITE. iBlaze and Enterprise users need the ability to open the share and traverse each folder to the iBlaze or Enterprise application directory.

 

Applies to:

Summation iBlaze (all versions)

Summation Enterprise (all versions)